<p>S3 buckets can be versioned. When the S3 bucket is unversioned it means that a new version of an object overwrites an existing one in the S3
bucket.</p>
<p>It can lead to unintentional or intentional information loss.</p>
<h2>Ask Yourself Whether</h2>
<ul>
  <li> The bucket stores information that require high availability. </li>
</ul>
<p>There is a risk if you answered yes to any of those questions.</p>
<h2>Recommended Secure Coding Practices</h2>
<p>It’s recommended to enable S3 versioning and thus to have the possibility to retrieve and restore different versions of an object.</p>
<h2>Sensitive Code Example</h2>
<pre>
const s3 = require('aws-cdk-lib/aws-s3');

new s3.Bucket(this, 'id', {
    bucketName: 'bucket',
    versioned: false // Sensitive
});
</pre>
<p>The default value of <code>versioned</code> is <code>false</code> so the absence of this parameter is also sensitive.</p>
<h2>Compliant Solution</h2>
<pre>
const s3 = require('aws-cdk-lib/aws-s3');

new s3.Bucket(this, 'id', {
    bucketName: 'bucket',
    versioned: true
});
</pre>
<h2>See</h2>
<ul>
  <li> <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/Versioning.html">AWS documentation</a> - Using versioning in S3 buckets </li>
  <li> <a href="https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3.Bucket.html#versioned">AWS CDK version 2</a> - Using versioning in S3
  buckets </li>
</ul>
